To reduce latency, I wonder if the phones were connecting to a covert site in Russia which had a high-bandwidth, lower-latency wired link, maybe a front company established in Russia for the operation with servers and broadband internet connections. Or maybe just a colocated server at a major backbone site in Russia was rented by a Russian front company. Seems like the kind of thing intelligence services do. While I'm sure Russia has more restrictions on renting colocated servers than the U.S., it's still something that needs to happen every day. Russia also has a fairly robust underground economy of less-than-legitimate companies doing illicit things, so there have to be ways for those companies to avoid restrictions (probably involving bribing certain people).
If the attack was coordinated this way, I assume whoever sold the colo to Ukrainian intelligence thought they were simply setting up yet another server for a shady Russian scam company. Foreign intelligence services often avoid scrutiny by using the same methods as domestic criminals in the target country.
Yes, I assume it probably does except maybe during periods of elevated alert. A large military airbase capable of being home base to bombers is like a small city, with thousands of civilian workers.
Anyway, the drones used mobile internet between the launch point outside the base and the pilots in Ukraine. The connection between the launch point and the drones was point-to-point drone control frequencies which does not use the mobile phone network.
If the attack was coordinated this way, I assume whoever sold the colo to Ukrainian intelligence thought they were simply setting up yet another server for a shady Russian scam company. Foreign intelligence services often avoid scrutiny by using the same methods as domestic criminals in the target country.